# Oblivious Polynomial Evaluation and Secure Set-Intersection from Algebraic PRFs


## Abstract

In this paper, we study the two fundamental functionalities *oblivious polynomial evaluation in the exponent* and *set-intersection* and introduce a new technique for designing efficient secure protocols for these problems (and others). Our starting point is the technique of Benabbas et al. (CRYPTO 2011) for verifiable delegation of polynomial evaluations, which uses *algebraic PRFs*. This tool was introduced to achieve *verifiability* in the *outsourced setting*; we use it instead to achieve *privacy* in the *standard two-party* setting. Our results imply new, simple and efficient oblivious polynomial evaluation (OPE) protocols. We further show that our OPE protocols are readily applied to secure set-intersection, yielding much simpler protocols in the plain model. As a side result, we demonstrate the usefulness of algebraic PRFs for various search functionalities, such as keyword search and oblivious transfer with adaptive queries. Our protocols are secure under full simulation-based definitions in the presence of malicious adversaries.

## Keywords

- Efficient secure computation
- Oblivious polynomial evaluation
- Secure set-intersection
- Committed oblivious PRF

## References

1. Y. Azar, A.Z. Broder, A.R. Karlin, E. Upfal, Balanced allocations. *SIAM J. Comput.* **29**(1), 180–200 (1999)
2. G. Ateniese, E. De Cristofaro, G. Tsudik, (If) size matters: size-hiding private set intersection, in *IACR Cryptology ePrint Archive*, 2010:220 (2010)
3. G. Ateniese, Ö. Dagdelen, I. Damgård, D. Venturi, Entangled cloud storage, in *IACR Cryptology ePrint Archive*, 2012:511 (2012)
4. G. Aggarwal, N. Mishra, B. Pinkas, Secure computation of the kth-ranked element, in *EUROCRYPT* (2004), pp. 40–55
5. R. Bendlin, I. Damgård, C. Orlandi, S. Zakarias, Semi-homomorphic encryption and multiparty computation, in *EUROCRYPT* (2011), pp. 169–188
6. D. Beaver, Foundations of secure interactive computing, in *CRYPTO* (1991), pp. 377–391
7. S. Benabbas, R. Gennaro, Y. Vahlis, Verifiable delegation of computation over large datasets, in *CRYPTO* (2011), pp. 111–131
8. A.Z. Broder, M. Mitzenmacher, Using multiple hash functions to improve IP lookups, in *INFOCOM* (2001), pp. 1454–1463
9. R. Canetti, Security and composition of multi-party cryptographic protocols. *J. Cryptology* **13**, 143–202 (2000)
10. E. De Cristofaro, J. Kim, G. Tsudik, Linear-complexity private set intersection protocols secure in malicious model, in *ASIACRYPT* (2010), pp. 213–231
11. Y.C. Chang, C.J. Lu, Oblivious polynomial evaluation and oblivious neural learning. *Theor. Comput. Sci.* **341**(1–3), 39–54 (2005)
12. D. Chaum, T.P. Pedersen, Wallet databases with observers, in *CRYPTO* (1992), pp. 89–105
13. E. De Cristofaro, G. Tsudik, Practical private set intersection protocols with linear complexity, in *Financial Cryptography* (2010), pp. 143–159
14. C. Dong, L. Chen, Z. Wen, When private set intersection meets big data: an efficient and scalable protocol, in *IACR Cryptology ePrint Archive*, 2013:515 (2013)
15. I. Damgård, M. Jurik, J.B. Nielsen, A generalization of Paillier's public-key system with applications to electronic voting. *Int. J. Inf. Sec.* **9**(6), 371–385 (2010)
16. I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl, N.P. Smart, Practical covertly secure MPC for dishonest majority – or: breaking the SPDZ limits, in *ESORICS* (2013), pp. 1–18
17. I. Damgård, V. Pastro, N.P. Smart, S. Zakarias, Multiparty computation from somewhat homomorphic encryption, in *CRYPTO* (2012), pp. 643–662
18. D. Dachman-Soled, T. Malkin, M. Raykova, M. Yung, Efficient robust private set intersection, in *ACNS* (2009), pp. 125–142
19. Y. Dodis, A. Yampolskiy, A verifiable random function with short proofs and keys, in *PKC* (2005), pp. 416–431
20. S. Faust, C. Hazay, D. Venturi, Outsourced pattern matching, in *ICALP* (2013)
21. M.J. Freedman, Y. Ishai, B. Pinkas, O. Reingold, Keyword search and oblivious pseudorandom functions, in *TCC* (2005), pp. 303–324
22. M.J. Freedman, K. Nissim, B. Pinkas, Efficient private matching and set intersection, in *EUROCRYPT* (2004), pp. 1–19
23. T. El Gamal, A public key cryptosystem and a signature scheme based on discrete logarithms. *IEEE Trans. Inf. Theory* **31**(4), 469–472 (1985)
24. N. Gilboa, Two party RSA key generation, in *CRYPTO* (1999), pp. 116–129
25. O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or a completeness theorem for protocols with honest majority, in *STOC* (1987), pp. 218–229
26. O. Goldreich, *Foundations of Cryptography: Volume 2, Basic Applications* (Cambridge University Press, New York, NY, USA, 2004)
27. C. Hazay, Oblivious polynomial evaluation and secure set-intersection from algebraic PRFs, in *TCC 2015, Part II* (2015), pp. 90–120
28. C. Hazay, Y. Lindell, Efficient oblivious polynomial evaluation with simulation-based security. *IACR Cryptology ePrint Archive*, 2009:459 (2009)
29. C. Hazay, Y. Lindell, Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. *J. Cryptology* **23**(3), 422–456 (2010)
30. C. Hazay, Y. Lindell, *Efficient Secure Two-Party Protocols – Techniques and Constructions* (Springer-Verlag, 2010)
31. C. Hazay, G.L. Mikkelsen, T. Rabin, T. Toft, Efficient RSA key generation and threshold Paillier in the two-party setting, in *CT-RSA* (2012), pp. 313–331
32. C. Hazay, K. Nissim, Efficient set operations in the presence of malicious adversaries. *J. Cryptology* **25**(3), 383–433 (2012)
33. C. Hazay, T. Toft, Computationally secure pattern matching in the presence of malicious adversaries, in *ASIACRYPT* (2010), pp. 195–212
34. Y. Ishai, M. Prabhakaran, A. Sahai, Founding cryptography on oblivious transfer – efficiently, in *CRYPTO* (2008), pp. 572–591
35. S. Jarecki, X. Liu, Efficient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection, in *TCC* (2009), pp. 577–594
36. S. Jarecki, X. Liu, Fast secure computation of set intersection, in *SCN* (2010), pp. 418–435
37. A. Kirsch, M. Mitzenmacher, U. Wieder, More robust hashing: cuckoo hashing with a stash, in *ESA* (2008), pp. 611–622
38. L. Kissner, D.X. Song, Privacy-preserving set operations, in *CRYPTO* (2005), pp. 241–257
39. Y. Lindell, Fast cut-and-choose based protocols for malicious and covert adversaries, in *CRYPTO (2)* (2013), pp. 1–17
40. Y. Lindell, E. Oxman, B. Pinkas, The IPS compiler: optimizations, variants and concrete efficiency, in *CRYPTO*, pp. 259–276
41. Y. Lindell, B. Pinkas, Privacy preserving data mining. *J. Cryptology* **15**(3), 177–206 (2002)
42. Y. Lindell, B. Pinkas, Secure two-party computation via cut-and-choose oblivious transfer, in *TCC* (2011), pp. 329–346
43. S. Micali, P. Rogaway, Secure computation (abstract), in *CRYPTO* (1991), pp. 392–404
44. J.B. Nielsen, P.S. Nordholt, C. Orlandi, S.S. Burra, A new approach to practical active-secure two-party computation, in *CRYPTO* (2012), pp. 681–700
45. J.B. Nielsen, C. Orlandi, LEGO for two-party secure computation, in *TCC* (2009), pp. 368–386
46. M. Naor, B. Pinkas, Oblivious transfer and polynomial evaluation, in *STOC* (1999), pp. 245–254
47. M. Naor, B. Pinkas, Oblivious polynomial evaluation. *SIAM J. Comput.* **35**(5), 1254–1281 (2006)
48. M. Naor, O. Reingold, Number-theoretic constructions of efficient pseudo-random functions, in *FOCS* (1997), pp. 458–467
49. T. Okamoto, Provably secure and practical identification schemes and corresponding signature schemes, in *CRYPTO* (1992), pp. 31–53
50. P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in *EUROCRYPT* (1999), pp. 223–238
51. B. Pinkas, T. Schneider, G. Segev, M. Zohner, Phasing: private set intersection using permutation-based hashing, in *USENIX Security* (2015), pp. 515–530
52. B. Pinkas, T. Schneider, M. Zohner, Faster private set intersection based on OT extension, in *USENIX Security* (2014), pp. 797–812
53. C.P. Schnorr, Efficient identification and signatures for smart cards, in *CRYPTO* (1989), pp. 239–252
54. B. Schoenmakers, P. Tuyls, Practical two-party computation based on the conditional gate, in *ASIACRYPT* (2004), pp. 119–136
55. D. Vergnaud, Efficient and secure generalized pattern matching via fast Fourier transform, in *AFRICACRYPT* (2011), pp. 41–58
56. A.C.C. Yao, How to generate and exchange secrets (extended abstract), in *FOCS* (1986), pp. 162–167
57. H. Zhu, F. Bao, Augmented oblivious polynomial evaluation protocol and its applications, in *ESORICS* (2005), pp. 222–230